admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-03-22 13:05:40 -04:00
parent 99d3eaba4d
commit 9d8999b65a
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
16 changed files with 190 additions and 209 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
2015/5xxx/CVE-2015-5374.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2017-07-04T00:00:00",
"ID" : "CVE-2015-5374",
"STATE" : "PUBLIC"
@ -12,30 +12,18 @@
"product" : {
"product_data" : [
{
"product_name" : "Firmware variant PROFINET IO for EN100 Ethernet module, Firmware variant Modbus TCP for EN100 Ethernet module, Firmware variant DNP3 TCP for EN100 Ethernet module, Firmware variant IEC 104 for EN100 Ethernet module, EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80",
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01"
},
{
"version_value" : "Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00"
},
{
"version_value" : "Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03"
},
{
"version_value" : "Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21"
},
{
"version_value" : "EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02"
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
"vendor_name" : "n/a"
}
]
}
@ -57,7 +45,7 @@
"description" : [
{
"lang" : "eng",
"value" : "CWE-20: Improper Input Validation"
"value" : "n/a"
}
]
}
@ -66,7 +54,22 @@
"references" : {
"reference_data" : [
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
"url" : "https://www.exploit-db.com/exploits/44103/"
},
{
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-01"
},
{
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03"
},
{
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-732541.pdf"
},
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf"
},
{
"url" : "http://www.securityfocus.com/bid/75948"
}
]
}

53
2016/4xxx/CVE-2016-4784.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2017-07-04T00:00:00",
"ID" : "CVE-2016-4784",
"STATE" : "PUBLIC"
@ -12,42 +12,18 @@
"product" : {
"product_data" : [
{
"product_name" : "Firmware variant PROFINET IO for EN100 Ethernet module, Firmware variant Modbus TCP for EN100 Ethernet module, Firmware variant DNP3 TCP for EN100 Ethernet module, Firmware variant IEC 104 for EN100 Ethernet module, EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80, SIPROTEC 7SJ686, SIPROTEC 7UT686, SIPROTEC 7SD686, IPROTEC 7SJ66",
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01"
},
{
"version_value" : "Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00"
},
{
"version_value" : "Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03"
},
{
"version_value" : "Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21"
},
{
"version_value" : "EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02"
},
{
"version_value" : "SIPROTEC 7SJ686 : All versions < V 4.83"
},
{
"version_value" : "SIPROTEC 7UT686 : All versions < V 4.01"
},
{
"version_value" : "SIPROTEC 7SD686 : All versions < V 4.03"
},
{
"version_value" : "SIPROTEC 7SJ66 : All versions < V 4.20"
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
"vendor_name" : "n/a"
}
]
}
@ -59,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in irmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained."
"value" : "A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained."
}
]
},
@ -69,7 +45,7 @@
"description" : [
{
"lang" : "eng",
"value" : "CWE-311: Missing Encryption of Sensitive Data"
"value" : "n/a"
}
]
}
@ -78,7 +54,22 @@
"references" : {
"reference_data" : [
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-140-02"
},
{
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03"
},
{
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990.pdf"
},
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf"
},
{
"url" : "http://www.securityfocus.com/bid/99471"
},
{
"url" : "http://www.securityfocus.com/bid/90773"
}
]
}

39
2016/4xxx/CVE-2016-4785.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2017-07-04T00:00:00",
"ID" : "CVE-2016-4785",
"STATE" : "PUBLIC"
@ -12,30 +12,18 @@
"product" : {
"product_data" : [
{
"product_name" : "Firmware variant PROFINET IO for EN100 Ethernet module, Firmware variant Modbus TCP for EN100 Ethernet module, Firmware variant DNP3 TCP for EN100 Ethernet module, Firmware variant IEC 104 for EN100 Ethernet module, EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80",
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01"
},
{
"version_value" : "Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00"
},
{
"version_value" : "Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03"
},
{
"version_value" : "Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21"
},
{
"version_value" : "EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02"
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
"vendor_name" : "n/a"
}
]
}
@ -57,7 +45,7 @@
"description" : [
{
"lang" : "eng",
"value" : "CWE-284: Improper Access Control"
"value" : "n/a"
}
]
}
@ -66,7 +54,22 @@
"references" : {
"reference_data" : [
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-16-140-02"
},
{
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03"
},
{
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990.pdf"
},
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf"
},
{
"url" : "http://www.securityfocus.com/bid/99471"
},
{
"url" : "http://www.securityfocus.com/bid/90773"
}
]
}

36
2016/7xxx/CVE-2016-7112.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2017-07-04T00:00:00",
"ID" : "CVE-2016-7112",
"STATE" : "PUBLIC"
@ -12,30 +12,18 @@
"product" : {
"product_data" : [
{
"product_name" : "Firmware variant PROFINET IO for EN100 Ethernet module, Firmware variant Modbus TCP for EN100 Ethernet module, Firmware variant DNP3 TCP for EN100 Ethernet module, Firmware variant IEC 104 for EN100 Ethernet module, EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80",
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01"
},
{
"version_value" : "Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00"
},
{
"version_value" : "Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03"
},
{
"version_value" : "Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21"
},
{
"version_value" : "EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02"
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
"vendor_name" : "n/a"
}
]
}
@ -57,7 +45,7 @@
"description" : [
{
"lang" : "eng",
"value" : "CWE-287: Improper Authentication"
"value" : "n/a"
}
]
}
@ -66,7 +54,19 @@
"references" : {
"reference_data" : [
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03"
},
{
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf"
},
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf"
},
{
"url" : "http://www.securityfocus.com/bid/92747"
},
{
"url" : "http://www.securityfocus.com/bid/99471"
}
]
}

38
2016/7xxx/CVE-2016-7113.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2017-07-04T00:00:00",
"ID" : "CVE-2016-7113",
"STATE" : "PUBLIC"
@ -12,30 +12,18 @@
"product" : {
"product_data" : [
{
"product_name" : "Firmware variant PROFINET IO for EN100 Ethernet module, Firmware variant Modbus TCP for EN100 Ethernet module, Firmware variant DNP3 TCP for EN100 Ethernet module, Firmware variant IEC 104 for EN100 Ethernet module, EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80",
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01"
},
{
"version_value" : "Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00"
},
{
"version_value" : "Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03"
},
{
"version_value" : "Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21"
},
{
"version_value" : "EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02"
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
"vendor_name" : "n/a"
}
]
}
@ -47,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode."
"value" : "The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets."
}
]
},
@ -57,7 +45,7 @@
"description" : [
{
"lang" : "eng",
"value" : "CWE-20: Improper Input Validation"
"value" : "n/a"
}
]
}
@ -66,7 +54,19 @@
"references" : {
"reference_data" : [
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03"
},
{
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf"
},
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf"
},
{
"url" : "http://www.securityfocus.com/bid/92748"
},
{
"url" : "http://www.securityfocus.com/bid/99471"
}
]
}

50
2016/7xxx/CVE-2016-7114.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2017-07-04T00:00:00",
"ID" : "CVE-2016-7114",
"STATE" : "PUBLIC"
@ -12,42 +12,18 @@
"product" : {
"product_data" : [
{
"product_name" : "Firmware variant PROFINET IO for EN100 Ethernet module, Firmware variant Modbus TCP for EN100 Ethernet module, Firmware variant DNP3 TCP for EN100 Ethernet module, Firmware variant IEC 104 for EN100 Ethernet module, EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80, SIPROTEC 7SJ686, SIPROTEC 7UT686, SIPROTEC 7SD686, SIPROTEC 7SJ66",
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01"
},
{
"version_value" : "Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00"
},
{
"version_value" : "Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03"
},
{
"version_value" : "Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21"
},
{
"version_value" : "EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02"
},
{
"version_value" : "SIPROTEC 7SJ686 : All versions < V 4.87"
},
{
"version_value" : "SIPROTEC 7UT686 : All versions < V 4.02"
},
{
"version_value" : "SIPROTEC 7SD686 : All versions < V 4.05"
},
{
"version_value" : "SIPROTEC 7SJ66 : All versions < V 4.30"
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
"vendor_name" : "n/a"
}
]
}
@ -59,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful."
"value" : "The EN100 Ethernet module before 4.29 for Siemens SIPROTEC 4 and SIPROTEC Compact devices allows remote attackers to bypass authentication and obtain administrative access via unspecified HTTP traffic during an authenticated session."
}
]
},
@ -69,7 +45,7 @@
"description" : [
{
"lang" : "eng",
"value" : "CWE-287: Improper Authentication"
"value" : "n/a"
}
]
}
@ -78,7 +54,19 @@
"references" : {
"reference_data" : [
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03"
},
{
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf"
},
{
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf"
},
{
"url" : "http://www.securityfocus.com/bid/92745"
},
{
"url" : "http://www.securityfocus.com/bid/99471"
}
]
}

56
2017/1xxx/CVE-2017-1233.json
View File

@ -1,33 +1,10 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Privileges",
"lang" : "eng"
}
]
}
]
},
"CVE_data_meta" : {
"ID" : "CVE-2017-1233",
"DATE_PUBLIC" : "2017-12-20T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2017-12-20T00:00:00",
"ID" : "CVE-2017-1233",
"STATE" : "PUBLIC"
},
"description" : {
"description_data" : [
{
"value" : "IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912.",
"lang" : "eng"
}
]
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -51,15 +28,36 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Privileges"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IBM Security Bulletin 2011765 (BigFix Remote Control)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22011765"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123912"
},
{
"name" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123912"
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22011765"
}
]
}

66
2017/1xxx/CVE-2017-1773.json
View File

@ -1,30 +1,10 @@
{
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Gain Access",
"lang" : "eng"
}
]
}
]
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-01-30T00:00:00",
"ID" : "CVE-2017-1773",
"STATE" : "PUBLIC"
},
"references" : {
"reference_data" : [
{
"name" : "IBM Security Bulletin 2012758 (DataPower Gateways)",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012758"
},
{
"name" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136817"
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"affects" : {
"vendor" : {
"vendor_data" : [
@ -32,6 +12,7 @@
"product" : {
"product_data" : [
{
"product_name" : "DataPower Gateways",
"version" : {
"version_data" : [
{
@ -53,8 +34,7 @@
"version_value" : "7.6"
}
]
},
"product_name" : "DataPower Gateways"
}
}
]
},
@ -63,18 +43,36 @@
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-01-30T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1773",
"STATE" : "PUBLIC"
},
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817."
"value" : "IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker using man-in-the-middle techniques to spoof DNS responses to perform DNS cache poisoning and redirect Internet traffic. IBM X-Force ID: 136817."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136817"
},
{
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22012758"
}
]
}

4
2018/1xxx/CVE-2018-1208.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1208",
"STATE" : "RESERVED"
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +11,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

4
2018/1xxx/CVE-2018-1209.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1209",
"STATE" : "RESERVED"
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +11,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

4
2018/1xxx/CVE-2018-1210.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1210",
"STATE" : "RESERVED"
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +11,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

2
2018/5xxx/CVE-2018-5502.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "On BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure"
"value" : "On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure."
}
]
},

2
2018/5xxx/CVE-2018-5503.json
View File

@ -38,7 +38,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "On BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action."
"value" : "On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content insertion as an action."
}
]
},

2
2018/5xxx/CVE-2018-5504.json
View File

@ -38,7 +38,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1."
"value" : "In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP system running versions 13.0.0 - 13.1.0.3 or 12.1.0 - 12.1.3.1."
}
]
},

2
2018/5xxx/CVE-2018-5505.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "On BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP."
"value" : "On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol setting is set to TCP."
}
]
},

2
2018/5xxx/CVE-2018-5509.json
View File

@ -38,7 +38,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "On BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure."
"value" : "On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action, potentially causing a denial of service. The configuration which exposes this issue is not common and in general does not work when enabled in previous versions of BIG-IP. Starting in 12.1.0, BIG-IP will crash if the configuration which exposes this issue is enabled and the virtual server receives non TCP traffic. With the fix of this issue, additional configuration validation logic has been added to prevent this configuration from being applied to a virtual server. There is only data plane exposure to this issue with a non-standard configuration. There is no control plane exposure."
}
]
},